How to Add Scalefusion to Your Antivirus Allowlist

To ensure uninterrupted operation of the Scalefusion Mobile Device Management (MDM) agent, it is essential to configure antivirus and endpoint detection and response (EDR) solutions to exclude the application from active scans. Due to the advanced and privileged nature of MDM functionalities, antivirus software may misidentify legitimate agent behavior as suspicious, leading to policy enforcement issues or false positives.

This guide outlines general steps to add Scalefusion to antivirus exclusion lists—covering both standard procedures and specific instructions for Windows Defender. It also includes frequently asked questions that provide further context on why allowlisting is recommended and how Scalefusion ensures security and compliance.

General Steps (Applicable to Most Antivirus Programs)

Please note that the following steps are general guidelines and may vary depending on the antivirus program you are using.

1. Identify Scalefusion's Files and Processes:

   • Locate the installation path for Scalefusion ( C:\Program Files (x86)\Scalefusion )

   • Identify the main executable (.exe) files and associated service processes.

2. Open Antivirus Settings:

   • Open the antivirus program on your device.

   • Look for settings or configuration options (often under Settings, Advanced Settings, or Protection).

3. Locate the Exception/Exclusion Section:

   • Look for terms like:

     • Exclusions

     • Exceptions

     • Allowed Applications

     • Trusted Programs

4. Add Exceptions:

   • Choose the option to add a new exception.

   • You may be able to add:

     • File or folder paths (C:\Program Files (x86)\Scalefusion)

     • Executable files

     • Entire directories

     • Specific processes or services

   • Optionally, exclude by file hash or digital signature (in some advanced antivirus platforms).

5. Save and Restart if Needed:

   • Save the settings.

   • Restart the antivirus or your device if prompted.

Examples for Common Antivirus Software

Here are the steps to add Scalefusion to the Windows Defender exclusion list

1. Open Windows Security: Navigate to Start > Settings > Update & Security > Windows Security > Virus & threat protection.
   

   

2. Under Virus & threat protection settings, click Manage settings.
   

   

3. Scroll down to Exclusions and click Add or remove exclusions.
   

   

4. Add an Exclusion: Choose Add an exclusion, then select Folders from the dropdown.
   

   

5. Choose Folder and Browse

   • Select Folder. In the file dialog, browse to:
     C:\Program Files (x86)\Scalefusion

   • Select the Scalefusion folder and click Select Folder (or ‘Add’).

6. Verify: The folder should now be listed under the exclusions.

By excluding the Scalefusion installation directory from real‑time scanning, Windows Defender won’t interfere with Managed Device (MDM) operations. This helps avoid policy enforcement delays or false-positives within the MDM-managed folder.

Justification for Allow listing Scalefusion – FAQs

1. Why is Scalefusion required to be allowlisted in Antivirus/EDR solutions?

Scalefusion functions as an advanced MDM agent, performing legitimate but privileged operations such as system configuration, kiosk lockdown, app control, and network/domain restrictions. These actions often resemble malware-like behavior to heuristic-based EDR/AV engines, which may result in false positives unless the application folder is explicitly allowlisted.

2. What kind of operations does the Scalefusion agent perform?

The agent performs critical system-level tasks, including:

• Enforcing device and security policies

• Controlling user access and shell behavior (kiosk mode)

• Managing applications, Windows accounts, and user credentials

• Controlling device hardware, domains, and URLs

• Handling registry and file system changes with admin privileges
  These actions are essential for complete endpoint control and offline management in enterprise environments.

3. Is Scalefusion software digitally signed?

Yes. All Scalefusion binaries and installers are digitally signed using a DigiCert Code Signing Certificate, ensuring:

• Publisher authenticity

• Protection against tampering or spoofing

Starting from version 16.0.3, the Scalefusion MDM Agent for Windows is digitally signed.

4. Does digital signing prevent EDR or AV from blocking the agent?

Not always. While signing improves trust and reduces generic warnings, modern EDRs use behavioral analysis. Even signed executables may be flagged based on their actions. Therefore, policy-based allowlisting or folder exclusions are still required for seamless operation.

5. What security practices does Scalefusion follow?

Scalefusion is developed with enterprise-grade security controls:

• ISO 27001 and SOC 2 Type II certified

• Secure SDLC practices with static and dynamic testing

• Encrypted local storage and logs

• HTTPS/TLS 1.2 encrypted communications

• Code obfuscation to prevent reverse engineering

• Periodic runtime integrity checks

6. What if we don’t allowlist the Scalefusion folder?

Without allowlisting, there may be:

• Feature degradation or failure in agent-based functionality

• Delays in policy enforcement

• Possible blocking of critical background operations
  While Scalefusion supports agentless Modern Management, agent-based deployments are required for full control, offline functionality, and advanced use cases.

7. Has Scalefusion engaged with AV vendors for allowlisting?

Yes. We are actively in the process of submitting our agent binaries to major AV/EDR vendors for review and allowlisting. This process can take time, but we are fully committed to ensuring compatibility and minimizing detection issues.

8. Is there transparency and control for customers?

Yes. Customers retain full control over:

• Agent installation and update timing

• Permissions and file locations

• Visibility into what the agent does on the device
  Our support and engineering teams offer full transparency and can assist in audit documentation, agent behavior explanations, and compliance queries.